[Triumf-linux-managers] Re: vulnerability in SL-5 64-bit kernel
Kelvin Raywood
kray at triumf.ca
Mon Sep 20 15:41:22 PDT 2010
RedHat have not yet released a fixed kernel and the best estimate is
"early this week". However, for those of you that cannot disable 32-bit
binaries, there is another option. CERN have built a Scientific-Linux 5
kernel that fixes the vulnerability. See the message below.
If you wish to use the CERN kernel, download it from the link below and do
yum localinstall kernel-2.6.18-194.11.3.el5.cve20103081.x86_64.rpm
and then reboot into the new kernel.
When the fixed RedHat kernel is released, then it will be installed via
automatic updates.
--
Kel Raywood
Core Computing and Networking
-------- Original Message --------
Subject: [Site-Security-Contacts] SLC5 patch for CVE-2010-3081 kernel
vulnerability
Date: Mon, 20 Sep 2010 13:22:53 +0200
From: Leif Nixon <nixon at nsc.liu.se>
To: site-security-contacts at mailman.egi.eu
CC: egi-csirt-team at mailman.egi.eu, ngi-security-contacts at mailman.egi.eu
Dear site security contacts,
The previously announced kernel update for Scientific Linux CERN 5
x86_64 fixing the CVE-2010-3081 vulnerability has seen large-scale
deployment at multiple sites (including CERN), with no or few reported
problems.
Given this, and given that this is a critical vulnerability, the EGI
CSIRT recommends all SLC5 sites to install this kernel update as soon as
possible.
The update is available here:
http://linuxsoft.cern.ch/cern/slc5X/x86_64/yum/testing/kernel-2.6.18-194.11.3.el5.cve20103081.x86_64.rpm
This may be installed on SLC5 hosts by running
# yum --enablerepo=slc5-testing install kernel
More information about the vulnerability can be found here:
https://access.redhat.com/kb/docs/DOC-40265
For your information, Red Hat reports that they expect to release an
official kernel update "early this week", and Debian and Ubuntu have
already released updates.
--
Leif Nixon - EGI CSIRT
On Friday Sep 17, 2010 Kelvin Raywood wrote:
> This is an important security message to all managers of Linux machines
> at TRIUMF.
>
> A privilege-escalation vulnerability in the 64-bit version of the Linux
> kernel has been identified and an exploit that abuses it is publicly
> available. All 64-bit RedHat Enterprise-Linux 5 kernels and thus
> Scientific-Linux 5 systems are vulnerable.
>
> Not affected: 32-bit systems, Scientific-Linux 4 and earlier
>
> This vulnerability can only be exploited by someone who can already
> login as a normal user. However the recent incident involving ibm00 and
> many other Linux machines at TRIUMF reminds us that it only takes one
> compromised account to expose the passwords of many users.
>
> RedHat have not yet released a fixed kernel, but the vulnerability can
> be nullified by disabling execution of 32-bit binaries on 64-bit
> systems. I have created an rpm to do this and added it to the TRIUMF
> rpm repository.
>
> The TRIUMF Computing Security Committee recommends that you install this
> on all 64-bit SL-5 systems that you manage. Install with:
>
> yum install triumf-disable-elf32
>
> With this package installed, 32-bit binaries such as acroread or
> flash-plugin will not run. If you start them from a terminal, the
> message "32-bit binaries are disabled" will be printed. This can be a
> serious inconvenience but there are usually alternatives and it is
> likely that a fixed kernel will be available by Monday.
>
> More info at: https://access.redhat.com/kb/docs/DOC-40265
>
>
> --
> Kel Raywood
> TRIUMF Computing Security Committee
>
>
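A shell check added alongside these messages, not part of any of the posts: it classifies a host from the architecture and kernel-release facts the thread states (32-bit systems are not affected; the CERN kernel release carries the fix), and with `--local` it inspects the running host and flags the installed-but-not-rebooted case. The triumf-disable-elf32 package name comes from the first message; the FIXED_KERNELS list is an assumption that should be extended once Red Hat's official kernel ships.

```shell
#!/bin/sh
# Constructed example: classify a host's exposure to CVE-2010-3081 from
# its architecture and running kernel release. Not part of the thread.

# Kernel releases known (from the thread) to carry the CVE-2010-3081 fix.
# Assumption: add the official Red Hat release string here once it ships.
FIXED_KERNELS="2.6.18-194.11.3.el5.cve20103081"

# cve_2010_3081_status ARCH KERNEL_RELEASE
# Prints one of: not-affected, patched, vulnerable. Always returns 0.
cve_2010_3081_status() {
    arch=$1
    release=$2
    case "$arch" in
        x86_64) ;;                          # only 64-bit kernels are affected
        *) echo not-affected; return 0 ;;   # 32-bit systems per the advisory
    esac
    for fixed in $FIXED_KERNELS; do
        if [ "$release" = "$fixed" ]; then
            echo patched
            return 0
        fi
    done
    echo vulnerable
    return 0
}

# Inspect the local host. The common mistake after 'yum localinstall' is
# forgetting to reboot, so report a fixed kernel that is installed but not
# the one currently running, and whether the interim mitigation is present.
check_local_host() {
    arch=$(uname -m)
    release=$(uname -r)
    status=$(cve_2010_3081_status "$arch" "$release")
    echo "$arch $release: $status"
    if [ "$status" = vulnerable ] && command -v rpm >/dev/null 2>&1; then
        for fixed in $FIXED_KERNELS; do
            if rpm -q "kernel-$fixed" >/dev/null 2>&1; then
                echo "kernel-$fixed is installed but not running: reboot into it"
            fi
        done
        if rpm -q triumf-disable-elf32 >/dev/null 2>&1; then
            echo "interim mitigation triumf-disable-elf32 is installed"
        fi
    fi
}

case "${1:-}" in --local) check_local_host ;; esac
```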